From efadbb3f589c33fc6e1851eae7539c1c03022eb9 Mon Sep 17 00:00:00 2001
From: botanic
Date: Mon, 8 Sep 2014 11:46:43 -0700
Subject: [PATCH] make the random generation more secure
---
 code/web/private_php/ams/autoload/ticket.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/code/web/private_php/ams/autoload/ticket.php b/code/web/private_php/ams/autoload/ticket.php
index e6af8e188..d70ba7036 100644
--- a/code/web/private_php/ams/autoload/ticket.php
+++ b/code/web/private_php/ams/autoload/ticket.php
@@ -606,14 +606,16 @@ class Ticket{
 public static function add_Attachment($TId,$filename,$author,$tempFile){
 global $FILE_STORAGE_PATH;
- $length = 20;
- $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_';
+ $length = mt_rand(20, 25);
+ $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$-_.+!*\'(),';
 $randomString = '';
 for ($i = 0; $i < $length; $i++) {
 $randomString .= $characters[rand(0, strlen($characters) - 1)];
 }
 $targetFile = $FILE_STORAGE_PATH . $randomString . "/" . $filename;
+ if(file_exists($targetFile)) { return self::add_Attachment($TId,$filename,$author,$tempFile); }
+
 $ticket = new Ticket();
 $ticket->load_With_TId($TId);
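Review bot: The directory token in `add_Attachment` is still drawn from `rand()` (and its length from `mt_rand()`), neither of which is a cryptographically secure generator, so the new length range and wider alphabet do not make the attachment path meaningfully harder to predict. Drawing the token from a CSPRNG would address that, e.g. `$randomString = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes()` where PHP 7+ is available), which also avoids the added characters `$ . + ! * ' ( ) ,` that need escaping if the path ever reaches a URL, shell or SQL string. Separately, `$filename` is concatenated into `$targetFile` as-is; if callers do not already sanitise it (not visible in this hunk), `basename($filename)` would keep the file inside the token directory. The `file_exists()` retry tests the full file path and is not atomic with whatever later creates it, and the function body continues past the end of the hunk.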